MalwareIntelligence is a site dedicated to research on all matters relating to anti-malware security, criminology computing and information security in general, always from a perspective closely related to the field of intelligence.

4.12.09

Fragus is a web application developed for the management of zombies, of Russian origin, who long to live has been inserted crimeware clandestine market with an affordable price (USD 800) if we consider criminal capabilities it offers.

The crimeware is basically composed of five sections: Statistics, Files, Sellers, Traffic links and Preferences. Each handles a specific task and they all complement one another.

In the Files panel is handling the executable file that will spread.

Sellers are in management exploits. In this case, corresponding to the first version of Fragus.

Regarding the Traffic links module, allows the "previous" and setting the iframe script that will be injected into the page that shall act as "driver" for the implementation of the configurator exploits the previous panel, that look for vulnerabilities on the victim machine .

However, one of the patterns identified in each of the packages of this style is the Statistical module. This module provides the intelligence necessary for the botmaster get a detailed report of the teams not only zombies but also on certain aspects needed to know in detail what should exploit to run.

Another interesting patterns we can deduce on the basis of this information is that the operating system is exploited Windows XP with Internet Explorer, the exploit more effectively, despite being very old (MS06-014) is the one that takes the vulnerability in MDAC and that among the countries with the highest rates of infection are the USA and Korea.

This represents a common scenario where perhaps the relevance factor is the inference that perhaps common situation due to the large volume of user who uses the Microsoft operating system on a non-licensed, which leads to not update .

Finally, another important factor that must not be overlooked is that cyber-criminals are not interested in the controversy surrounding the safety levels offered by one or another operating system (Windows, GNU/Linux and Mac OS) but all fall into the same category of "potential victims" because the vulnerability exploited in layer 7.